diff --git a/lib/content_security_policy/default.rb b/lib/content_security_policy/default.rb
index daebd99df5..8029bad9e4 100644
--- a/lib/content_security_policy/default.rb
+++ b/lib/content_security_policy/default.rb
@@ -9,7 +9,7 @@ class ContentSecurityPolicy
 @base_url = base_url
 @directives = {}.tap do |directives|
 directives[:upgrade_insecure_requests] = [] if SiteSetting.force_https
- directives[:base_uri] = [:none]
+ directives[:base_uri] = [:self]
 directives[:object_src] = [:none]
 directives[:script_src] = script_src
 directives[:worker_src] = worker_src
diff --git a/spec/lib/content_security_policy_spec.rb b/spec/lib/content_security_policy_spec.rb
index 20ea52d3b2..a2d85c538c 100644
--- a/spec/lib/content_security_policy_spec.rb
+++ b/spec/lib/content_security_policy_spec.rb
@@ -19,9 +19,9 @@ describe ContentSecurityPolicy do
 end
 describe 'base-uri' do
- it 'is set to none' do
+ it 'is set to self' do
 base_uri = parse(policy)['base-uri']
- expect(base_uri).to eq(["'none'"])
+ expect(base_uri).to eq(["'self'"])
 end
 end
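Review bot: Relaxing `base-uri` from `'none'` to `'self'` widens what an injected `<base>` element can do — relative URLs on the page can then be rebased to any same-origin path — and the changed line carries no comment saying why `'none'` no longer works, so a later maintainer cannot tell whether the weaker setting is deliberate or safe to revert. Add a why-comment above it, e.g. `# 'self' rather than 'none': <PLACEHOLDER: feature that needs a same-origin <base href>, and the issue/PR that introduced it>`. If that feature needs only one same-origin path, a host-source with a path (a URL rather than `'self'`) would keep the directive tighter; whether the site URL is available here cannot be confirmed from this hunk, though `@base_url` is assigned on the line above. The enclosing method starts before the hunk, and the spec hunk below only mirrors the new value.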